Bug 54443 - pam-0.75-14 - problem with > 8 char passwords
pam-0.75-14 - problem with > 8 char passwords
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
7.2
i386 Linux
high Severity high
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
:
: 54489 55011 64234 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-10-08 11:13 EDT by Michael Redinger
Modified: 2005-10-31 17:00 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-10-10 15:59:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michael Redinger 2001-10-08 11:13:37 EDT
Description of Problem:
Updating from pam-0.75-14 does not work as expected when using NIS (DES
encrypted passwords).
Up to pam-0.75-13 PAM would only use the first 8 characters even if
the user entered more than that.

In this new version, if a user enters more than 8 characters, all of them
are used.
This changes the expected behaviour of PAM and breaks existing installations.

Version-Release number of selected component (if applicable):
0.75-14

How Reproducible:
100%

Steps to Reproduce:
1. Choose a password with more than 8 characters on your NIS server.
2. Install 7.2 with the new pam package.
3. Try to login entering all characters of your  password. Login fails.
4. Using only the first 8 characters everything works fine.

Actual Results:
See above.

Expected Results:
Use only the first 8 characters.
This pam update changes the default behaviour. This must not happen, too
many things break. Especially do never change something like that in a .2
release ...
 

Additional Information:
NIS server is a Red Hat 7.0 system. Passwords are DES encrypted.
Comment 1 Matthew Miller 2001-10-08 13:18:06 EDT
Important because it breaks compatiblity with other Unixes and other Linuxes --
including older Red Hat releases. RHL needs to play nicely with others!
Comment 2 Matthew Miller 2001-10-09 23:10:43 EDT
*** Bug 54489 has been marked as a duplicate of this bug. ***
Comment 3 Nalin Dahyabhai 2001-10-10 15:55:04 EDT
That this affects passwords hashed with a non-MD5 (DES-style) crypt, so this
tends to affect environments using NIS more heavily than standalone machines or
systems using Kerberos or LDAP for authentication.  (MD5 hashing is strongly
recommended whenever compatibility with systems which don't support is not an
issue.)

This will be fixed in 0.75-15, which will show up in Raw Hide before release as
a bug-fix errata.
Comment 4 Pekka Savola 2001-10-10 15:59:02 EDT
We use DES passwords mostly (DOH!) even though NIS isn't used.

Why?  Because we also have other UNIX systems, to/from which we want to be able move users
fluently (e.g. copy the password in /etc/master).  Some of those don't even support MD5 unfortunately.

So, I expect DES may still be used in more heterogenous environments.
Comment 5 Nalin Dahyabhai 2001-10-31 15:24:11 EST
The errata package for this (0.75-16) is going out now.  Thanks!
Comment 6 Nalin Dahyabhai 2001-10-31 15:27:30 EST
*** Bug 55011 has been marked as a duplicate of this bug. ***
Comment 7 Need Real Name 2001-11-15 02:46:12 EST
The summary is not accurate.  The buggy behaviour occurs with passwords of
exactly 8 chars length, not just > 8 chars.  E.g. "z2,K2=2aS" as a password
reliably reproduces the failure to authenticate bug (omit the quotes).
The summary should say:
  pam-0.75-14 - problem with >= 8 char passwords
Comment 8 Need Real Name 2001-11-15 02:51:47 EST
Ignore the last comment - I counted 8 and not 9 in the example password.
Comment 9 Vegard Lima 2001-12-10 06:18:39 EST
This seems related: After upgrading to RH7.2 and pam-0.75-19 I am able
to log into my NIS(on solaris) connected workstation just fine.
But after locking my screen with xlock,vlock or xscreensaver, I am
not able to unlock it again.
Comment 10 Nalin Dahyabhai 2002-05-01 08:44:30 EDT
*** Bug 64234 has been marked as a duplicate of this bug. ***
Comment 11 Leonardo Bianchi Quota 2002-09-28 12:22:21 EDT
Ok. GREAT. It works!
A little comment: In this page there no way to go back to the page where the 
problem is explained. link: http://rhn.redhat.com/errata/RHBA-2001-127.html

Leo.

Note You need to log in before you can comment on or make changes to this bug.